Avaya Aura Session Manager is responsible for authentication of other SIP entities and acts as a portal to the Aura. All service requests are dispatched through the portal and orchestrated across applications to validate and complete each request. Asynchronous event responses are delivered to clients by marshalling then through Session Manager.

Thus, client access authentication centralized and pivoted at Session Manager. However, access control to resources and operations are distributed through the system depending on the granularity of control.

Coarse-grained (high-level) access controls are enforced at the service portal, service type handlers or interface handlers.

Finer-grained Access Control, however, is distributed through services where the requested action is executed - where knowledge (context) for application-specific decisions is available.